Description
This security note describes the fix for a cross-site scripting (XSS) vulnerability in the UDDI Client. The UDDI Client is part of NetWeaver Application Server Java (AS Java) and is therefore also included in several other NetWeaver components, such as the Exchange Infrastructure. The affected versions are 640, 700 and 701.
The UDDI Client is a tool that implements the Universal Description Discovery and Integration (UDDI) functions based on the UDDI v2.0 specification. The UDDI Client starts automatically when it is accessed and can be reached via the URL http://<host>:<port>/uddiclient.
For more information on the UDDI Client, see the SAP Documentation at http://help.sap.com/saphelp_nw70/helpdata/en/fe/0cb6f543994cd08bbbc6e0f22023e0/frameset.htm or search http://help.sap.com for “UDDI Client”.
This note applies to customers using the UDDI Client.
Affected versions: NetWeaver J2EE Engine 640/700/701
Fixed versions (NetWeaver J2EE Engine):
- 640 – SP25
- 700 – SP20
- 701 – SP05
- 702 – fix is available in its first release
- 710 – not relevant
- 711 – not relevant
- 720 – not relevant
Where to get: Download the latest SP from SAP Service Marketplace
Available fix and Supported packages
- SAP_JTECHS | 6.40 | 6.40
- SAP_JTECHS | 7.00 | 7.02
- SAP JAVA TECH SERVICES 6.40 | SP025 | 000000
- SAP JAVA TECH SERVICES 7.00 | SP014 | 000026
- SAP JAVA TECH SERVICES 7.00 | SP017 | 000011
- SAP JAVA TECH SERVICES 7.00 | SP018 | 000011
- SAP JAVA TECH SERVICES 7.00 | SP019 | 000005
- SAP JAVA TECH SERVICES 7.00 | SP020 | 000000
- SAP JAVA TECH SERVICES 7.01 | SP003 | 000009
- SAP JAVA TECH SERVICES 7.01 | SP004 | 000012
- SAP JAVA TECH SERVICES 7.01 | SP005 | 000000
- SAP JAVA TECH SERVICES 7.02 | SP002 | 000000
Affected component
- BC-ESI-UDDI
UDDI Server
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1322098